Phishing e-mails are more prevalent (and dangerous) than ever

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 08 Mar 2022 08:56:00 -0800

Phishing, those malicious e-mails that pretend to be legitimate messages, has been a problem since Canter and Siegel launched the first spam campaign in 1994. (Mea culpa — it seems they learned about this thing called the Internet from some of my articles.) Today, spam, while still annoying, is the least of our e-mail troubles. In addition to invading Ukraine, Russian agents are now doing their best to invade our IT systems via phishing e-mails.

How bad is it? According to e-mail security firm Avanan, Russian-based credential-harvesting phishing attacks have jumped eight-fold. Ow.

Adding insult to injury, it’s not just Russians who are trying to crack into your business’s servers. It’s also the same crooks using new variations on old scams trying to get your money. Here’s a list of the six most common phishing scams to watch out for the next time you open your e-mail.

The grandkid scam

This scam is particularly insidious because hackers use your own family against you! In this phishing attempt, elderly Americans might receive an email from their ‘grandchild’ that looks like this: “Grandpa! Help! I knew I told you I was going to be in Europe, but I didn’t tell you that I was going to Ukraine because I didn’t want you to worry. But now I’m stuck in Kyiv and I need a Bitcoin to….” You get the idea.

Before you dismiss this as something no one would ever fall for, think again. Today’s variants can some with real photos harvested from social media making this con seem all too real.

We need your support

In this scam, the hacker is attempting to appeal to your charitable side. For example, the email may ask you to help children orphaned by Russian aggressors; or aid homeless pets; or help Ukrainian refugees; etc.; etc.; etc. Don’t fall for these requests for money. Instead, only donate to verified and trackable organizations – like the organizations in this Washington Post story.

If you get me out of here, I will be your wife.

Ukrainian bride scams were common even before the invasion. Now, with over 1 million Ukrainian refugees, they’re likely to be more successful than ever. This is another one of those scams that many people believe they would never fall victim to… but think again. In 2021, the FBI reported romance fraud victims lost a cool billion bucks. Don’t fall for it.

Classic phishing

Who hasn’t gotten a message that purports to be from your bank or credit card company saying that something has happened to your account, and you must fix it immediately? The email then says you must  click a link and log in at the Web address below to set things right.

These emails prey on your sense of panic but think before you click. Never, and I mean never, click on any links from emails saying your account is in trouble. Call your bank first or login from the native site to verify.

Spear-phishing

Ordinary phishing is easy to spot once you know what you’re looking for. Spear-phishing attacks, where the message looks like it’s coming from a friend or a work colleague are much harder to spot.

To catch these, the easiest technique is to verify before you respond or click on anything. I find it helpful to simply ask the sender why they need the requested information? Also, check the sender’s email address – if it looks off it is probably a phishing attempt. Always keep in mind that just because a message looks like it’s coming from a co-worker, doesn’t mean that it’s actually coming from a co-worker.

Spear-phishing with malware

What about when they don’t ask you for anything, but just ask you to look at a file? Yeah, that’s probably a trick, too. For example, “You need to see these horrible photos from Kyiv!” or “You won’t believe that the State of Kentucky’s Teachers Retirement System was the second-largest shareholder for Sberbank of Russia!” (Wait, that last one is real.) If anything looks like clickbait, don’t open the file.

For that matter, unless you expect a file to arrive via email from a colleague, don’t open it. Period. And, by the way, what are you doing trading files by e-mail anyway? Why aren’t they using the office file server or the corporate cloud file system?

Listen, e-mail is invaluable – but you must use it safely. Now more than ever, you need to treat it cautiously. E-mail is often the front door to your company, and you need to make sure you don’t open it to just anyone. 

Besides teaching your team members the right way to handle e-mail, I strongly suggest you invest in anti-phishing tools or services. It’s better to spend money to keep trouble out instead of letting it in — and spending a fortune recovering from wiperware or ransomware.

Next, Read this:

http://www.computerworld.com/category/security/index.rss